All times are UTC




 Post subject: Zerina not pushing routes properly to Clients
PostPosted: 09.03.2009 22:37 
Hello All,

I am aware that most of the posts on this forum are in German. I have been using http://babelfish.yahoo.com/ to translate.

I have been reading through many other posts, some have a similar problem, but the solutions suggested did not seem to work on my ipcop installation.


Here is an instance of the OpenVPN system logs through the web GUI:

Code:
16:25:30   openvpnserver   MULTI: multi_create_instance called
16:25:30   openvpnserver   66.46.104.15:1194 Re-using SSL/TLS context
16:25:30   openvpnserver   66.46.104.15:1194 WARNING: normally if you use --mssfix and/or --fragment, you s hould also set --tun-mtu 1500 (currently it is 1400)
16:25:30   openvpnserver   66.46.104.15:1194 Control Channel MTU parms [ L:1441 D:138 EF:38 EB:0 ET:0 EL:0 ]
16:25:30   openvpnserver   66.46.104.15:1194 Data Channel MTU parms [ L:1441 D:1441 EF:41 EB:4 ET:0 EL:0 ]
16:25:30   openvpnserver   66.46.104.15:1194 Local Options hash (VER=V4): '778eeec5'
16:25:30   openvpnserver   66.46.104.15:1194 Expected Remote Options hash (VER=V4): '57657c3f'
16:25:30   openvpnserver   66.46.104.15:1194 TLS: Initial packet from 66.46.104.15:1194, sid=fcccb7c5 2f183 af6
16:25:30   openvpnserver   66.46.104.15:1194 VERIFY SCRIPT OK: depth=1, /C=CA/O=CDL/OU=IT/CN=CDL_CA
16:25:30   openvpnserver   66.46.104.15:1194 CRL CHECK OK: /C=CA/O=CDL/OU=IT/CN=CDL_CA
16:25:30   openvpnserver   66.46.104.15:1194 VERIFY OK: depth=1, /C=CA/O=CDL/OU=IT/CN=CDL_CA
16:25:30   openvpnserver   66.46.104.15:1194 VERIFY SCRIPT OK: depth=0, /C=CA/O=CDL/CN=jtaylor
16:25:30   openvpnserver   66.46.104.15:1194 CRL CHECK OK: /C=CA/O=CDL/CN=jtaylor
16:25:30   openvpnserver   66.46.104.15:1194 VERIFY OK: depth=0, /C=CA/O=CDL/CN=jtaylor
16:25:30   openvpnserver   66.46.104.15:1194 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
16:25:30   openvpnserver   66.46.104.15:1194 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HM AC authentication
16:25:30   openvpnserver   66.46.104.15:1194 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
16:25:30   openvpnserver   66.46.104.15:1194 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HM AC authentication
16:25:30   openvpnserver   66.46.104.15:1194 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
16:25:30   openvpnserver   66.46.104.15:1194 [jtaylor] Peer Connection Initiated with 66.46.104.15:1194
16:25:30   openvpnserver   jtaylor/66.46.104.15:1194 MULTI: Learn: 10.4.246.6 -> jtaylor/66.46.104.15:1194
16:25:30   openvpnserver   jtaylor/66.46.104.15:1194 MULTI: primary virtual IP for jtaylor/66.46.104.15:119 4: 10.4.246.6
16:25:32   openvpnserver   jtaylor/66.46.104.15:1194 PUSH: Received control message: 'PUSH_REQUEST'
16:25:32   openvpnserver   'PUSH_REPLY,route 10.4.245.0 255.255.255.0,route 10.4.246.1,ping 10,ping-restart 60,ifconfig 10.4.246.6 10.4.246.5' (status=1)


When I make edits to the system.conf to reflect a more complete environment I get the following:

Code:
PUSH_REPLY,route 10.4.245.0 255.255.255.0,dhcp-option DOMAIN cdl.local,dhcp-opt ion DNS 10.4.245.3,route 10.4.246.1,ping 10,ping-restart 60,ifconfig 10.4.246.6 10.4.246.5' (status=1)


I don't know why/if this is a normal way this message is to be displayed (it has inappropriate spaces in my opinion) and if that is the cause of my troubles.

green is 10.4.245.0/24
red is 66.46.104.0/29 server is 66.46.104.10
virtual vpn is 10.4.246.0/24

Until I started this project, I unfortunately do not have much experience with VPN setups and which files I need to display or edit to get this working.

Any help is greatly appreciated.

Bender


 Post subject: Re: Zerina not pushing routes properly to Clients
PostPosted: 10.03.2009 13:20 
server.conf and
client.conf
would be helpful
IPCop..what 1.x.y ?
ZERINA-Version ?

F.


 Post subject: Re: Zerina not pushing routes properly to Clients
PostPosted: 10.03.2009 18:22 
Hello,
Thank you for your prompt reply.

I am using IPCOP 1.4.21 (install of 1.4.20 and update to newest version)

I started with 1.4.18 because I had the normal issue of the version check and was able to eventually figure out how to override that on my own reading the install file.

(I have wiped everything out so many times to eliminate errors from previous failed attempts to fix this.)

I started off with ZERINA-0.9.5b-Installer.tar.gz, and have now moved onto ZERINA-9.7a14-Installer because I had no luck with the stable version.

server.conf
Code:
#OpenVPN Server conf

daemon openvpnserver
writepid /var/run/openvpn.pid
#DAN prepare ZERINA for listening on blue and orange
;local 66.46.104.10
dev tun
tun-mtu 1400
proto udp
port 1194
tls-server
ca /var/ipcop/ovpn/ca/cacert.pem
cert /var/ipcop/ovpn/certs/servercert.pem
key /var/ipcop/ovpn/certs/serverkey.pem
dh /var/ipcop/ovpn/ca/dh1024.pem
server 10.4.246.0 255.255.255.0
push "route 10.4.245.0 255.255.255.0"
keepalive 10 60
status-version 1
status /var/log/ovpnserver.log 30
cipher BF-CBC
push "dhcp-option DOMAIN cdl.local"
push "dhcp-option DNS 10.4.245.3"
max-clients 100
tls-verify /var/ipcop/ovpn/verify
crl-verify /var/ipcop/ovpn/crls/cacrl.pem
user nobody
group nobody
persist-key
persist-tun
verb 3


I will venture to guess the file *.ovpn is the client.conf file:
Code:
#OpenVPN Client conf
tls-client
client
dev tun
proto udp
tun-mtu 1400
remote 66.46.104.10 1194
pkcs12 Jonathon.p12
cipher BF-CBC
verb 3
ns-cert-type server


It is worth noting that with the previous version (0.9.5b) there is always an error on the install.
Code:
4. Installing new files ....OK!
..OK!
5. Adding entrys .....Cannot read ENABLED

ZERINA Installer finished

This is part of the reason I went to version 0.9.7a14; it had no errors on install (that it mentioned).

Your help is greatly appreciated,

Bender
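
Added example, not written by any poster in this thread and not part of ZERINA or OpenVPN: a Python check that compares the `push` directives in the posted server.conf with the options listed in the logged PUSH_REPLY, first exactly and then with whitespace ignored. Treating the stray space as something the log display may have inserted is an assumption, and the function names are illustrative.

```python
import re

# Push-related lines of the server.conf posted in the thread.
SERVER_CONF = '''\
server 10.4.246.0 255.255.255.0
push "route 10.4.245.0 255.255.255.0"
push "dhcp-option DOMAIN cdl.local"
push "dhcp-option DNS 10.4.245.3"
'''

# Second PUSH_REPLY from the thread, copied with its stray space ("dhcp-opt ion").
LOG_LINE = ("PUSH_REPLY,route 10.4.245.0 255.255.255.0,dhcp-option DOMAIN cdl.local,"
            "dhcp-opt ion DNS 10.4.245.3,route 10.4.246.1,ping 10,ping-restart 60,"
            "ifconfig 10.4.246.6 10.4.246.5' (status=1)")


def configured_pushes(conf_text):
    """Option strings of every active push directive; # and ; comment lines never match."""
    return re.findall(r'^\s*push\s+"([^"]*)"', conf_text, re.MULTILINE)


def logged_options(log_line):
    """Comma-separated options that follow PUSH_REPLY, up to the closing quote."""
    m = re.search(r"PUSH_REPLY,([^']*)", log_line)
    return [opt.strip() for opt in m.group(1).split(",")] if m else []


def squash(text):
    """Remove all whitespace (assumption: a stray space may come from the log display)."""
    return re.sub(r"\s+", "", text)


def compare(conf_text, log_line):
    """Classify each configured push as 'exact', 'whitespace-only' or 'missing'."""
    logged = logged_options(log_line)
    squashed = {squash(opt) for opt in logged}
    verdicts = {}
    for opt in configured_pushes(conf_text):
        if opt in logged:
            verdicts[opt] = "exact"
        else:
            verdicts[opt] = "whitespace-only" if squash(opt) in squashed else "missing"
    return verdicts


if __name__ == "__main__":
    for opt, verdict in compare(SERVER_CONF, LOG_LINE).items():
        print(f"{verdict:16} {opt}")
```

A `whitespace-only` verdict means the logged option differs from the configured one only in spacing; the check covers what the server logged, not what the client received or installed.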

